Biblio

Instant messaging is an application that is widely used to communicate. Based on the wearesocial.com report, three of the five most used social media platforms are chat or instant messaging. Instant messaging was chosen for communication because it has security features in log in using a One Time Password (OTP) code, end-to-end encryption, and even two-factor authentication. However, instant messaging applications still have a vulnerability to account theft. This account theft occurs when the user loses his cellphone. Account theft can happen when a cellphone is locked or not. As a result of this account theft, thieves can read confidential messages and send fake news on behalf of the victim. In this research, instant messaging application security will be applied using hybrid encryption and two-factor authentication, which are made interrelated. Both methods will be implemented in 2 implementation designs. The implementation design is securing login and securing sending and receiving messages. For login security, QR Code implementation is sent via email. In sending and receiving messages, the message decryption process will be carried out when the user is authenticated using a fingerprint. Hybrid encryption as message security uses RSA 2048 and AES 128. Of the ten attempts to steal accounts that have been conducted, it is shown that the implementation design is proven to reduce the impact of account theft.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

Privacy preservation is a challenging task with the huge amount of data that are available in social media. The data those are stored in the distributed environment or in cloud environment need to ensure confidentiality to data. In addition, representing the voluminous data is graph will be convenient to perform keyword search. The proposed work initially reads the data corresponding to social media and converts that into a graph. In order to prevent the data from the active attacks Advanced Encryption Standard algorithm is used to perform graph encryption. Later, search operation is done using two algorithms: kNK keyword search algorithm and top k nearest keyword search algorithm. The first scheme is used to fetch all the data corresponding to the keyword. The second scheme is used to fetch the nearest neighbor. This scheme increases the efficiency of the search process. Here shortest path algorithm is used to find the minimum distance. Now, based on the minimum value the results are produced. The proposed algorithm shows high performance for graph generation and searching and moderate performance for graph encryption.

The article presents a proposal for implementing asymmetric cryptography, specifically the elliptic curves for the protection of high-speed data transmission in a corporate network created on the platform of PLC (Power Line Communications). The solution uses an open-source software library OpenSSL. As part of the design, an experimental workplace was set up, a DHCP and FTP server was established. The possibility of encryption with the selected own elliptic curve from the OpenSSL library was tested so that key pairs (public and private keys) were generated using a software tool. A shared secret was created between communication participants and subsequently, data encryption and decryption were performed.

Public-key cryptography is a ubiquitous buildingblock of modern telecommunication technology. Among the most historically important, the knapsack-based encryption schemes, from the early years of public-key cryptography, performed particularly well in computational resources (time and memory), and mathematical and algorithmic simplicity. Although effective cryptanalyses readily curtailed their widespread adoption to several different attempts, the possibility of actual usage of knapsack-based asymmetric encryption schemes remains unsettled. This paper aims to present a novel construction that offers consistent security improvements on knapsack-based cryptography. We propose two improvements upon the original knapsack cryptosystem that address the most important types of attacks: the Diophantine approximationsbased attacks and the lattice problems oracle attacks. The proposed defences demonstrably preclude the types of attacks mentioned above, thus contributing to revive knapsack schemes or settle the matter negatively. Finally, we present the http://t3infosecurity.com/nepsecNep.Sec, a contest that is offering a prize for breaking our proposed cryptosystem.

One of the significant advancements in information technology is Cloud computing, but the security issue of data storage is a big problem in the cloud environment. That is why a system is proposed in this paper for improving the security of cloud data using encryption, information concealment, and hashing functions. In the data encryption phase, we implemented hybrid encryption using the algorithm of AES symmetric encryption and the algorithm of RSA asymmetric encryption. Next, the encrypted data will be hidden in an image using LSB algorithm. In the data validation phase, we use the SHA hashing algorithm. Also, in our suggestion, we compress the data using the LZW algorithm before hiding it in the image. Thus, it allows hiding as much data as possible. By using information concealment technology and mixed encryption, we can achieve strong data security. In this paper, PSNR and SSIM values were calculated in addition to the graph to evaluate the image masking performance before and after applying the compression process. The results showed that PSNR values of stego-image are better for compressed data compared to data before compression.

Mobile sensors are playing a vital role in various applications of a normal day life. Key size in securing data is an important issue to highlight in mobile sensor data transfer between a smart device and a data storage component. Such key size may affect memory storage and processing power of a mobile device. Therefore, we proposed a secure mobile sensor data transfer protocol called secure sensor protocol (SSP). SSP is based on Elliptic Curve Cryptography (ECC), which generates small size key in contrast to conventional asymmetric algorithms like RSA and Diffie Hellman. SSP receive values from light sensor and magnetic flux meter of a smart device. SSP encrypts mobile sensor data using ECC and afterwards it stores cipher information in MySQL database to receive remote data access. We compared the performance of the ECC with other existing asymmetric cryptography algorithms in terms of secure mobile sensor data transfer based on data encryption and decryption time, key size and encoded data size. In-addition, SSP shows better results than other cryptography algorithms in terms of secure mobile sensor data transfer.

Nowadays the provision of online services by government or business organizations has become a standard and necessary operation. Transferring data including the confidential or sensitive information via Internet or insecure network and exchange of them is also increased day by day. As a result, confidential information leakage and cyber threats are also heightened. Confidential information trading became one of the most profitable businesses. Encrypting the data is a solution to secure the data from being exposed. In this paper, we would like to propose a solution for the secure transfer of data using symmetric encryption, asymmetric encryption technologies and Key Generation Server as a mixed hybrid solution. A Symmetric encryption, modified AES algorithm, is used to encrypt data. Digital certificate is used both for data encryption and digital signing to assure data integrity. Key generation server is used to generate the second secret key from the publicly recognized information of a person and this key is used as a second secret key in the modified AES. The proposed hybrid solution can be utilized in any applications that require high confidentiality, integrity of data and non-repudiation.

This paper presents an analysis of Rabin-P encryption scheme on microprocessor platform in term of runtime and energy consumption. A microprocessor is one of the devices utilized in the Internet of Things (IoT) structure. Therefore, in this work, the microprocessor selected is the Raspberry Pi that is powered with a smaller version of the Linux operating system for embedded devices, the Raspbian OS. A comparative analysis is then conducted for Rabin-p and RSA-OAEP cryptosystem in the Raspberry Pi setup. A conclusion can be made that Rabin-p performs faster in comparison to the RSA-OAEP cryptosystem in the microprocessor platform. Rabin-p can improve decryption efficiency by using only one modular exponentiation while produces a unique message after the decryption process.

Data encryption techniques are important for answering the question: How secure is the Internet for sending sensitive data. Keeping data secure while they are sent through the global network is a difficult task. This is because many hackers are fishing these data in order to get some benefits. The researchers have developed various types of encryption algorithms to protect data from attackers. These algorithms are mainly classified into two categories namely symmetric and asymmetric encryption algorithms. This survey sheds light on the recent work carried out on encrypting a text into an image based on the RGB color value and held a comparison between them based on various factors evolved from the literature.

Image Encryption is a technique where an algorithm along with a set of characters called key encrypts the data into cipher text. The cipher text can be converted back into plaintext by decryption. This technique is employed for the security of data such that confidentiality, integrity and authenticity of data is maintained. In today's era security of information has become a crucial task, unauthorized access and use of data has become a noticeable issue. To provide the security required, there are several algorithms to suit the purposes. While the use and transferring of images has become easy and faster due to technological advancements especially wireless sensor network, image destruction and illegitimate use has become a potential threat. Different transfer mediums and various uses of images require different and appropriately suiting encryption approaches. Hence, in this paper we discuss the types of image encryption techniques. We have also discussed several encryption algorithms, their advantages and suitability.

The target of this venture is to give the protected correspondence among the associated frameworks in the system. It gives the vital validation to the record moving in the system transmission. It comprises of 3 modules in particular encryption and unscrambling module, secret key verification to the information that needs to transmit through system. In this system, File Transfer Protocol can be used to execute Server-client innovation and the document can be scrambled and unscrambled by sending the end client through attachment programming of the end client.

The continuous progress of electronic equipments has influenced car manufacturers, leading to the integration of the latest infotainment technologies and providing connection to external devices, such as mobile phones. Modern cars work with ECUs (Electronic Control Units) that handle user interactions and sensor data, by also sending information to actuators using simple, reliable and efficient networks with fast protocols, like CAN (Controller Area Network). This is the most used vehicular protocol, which allows interconnecting different ECUs, making them interact in a synergic manner. On the down side, there is a security risk related to the exposition of malicious ECU's frames-possibly generated by compromised devices-which can lead to the possibility to remote control all the car equipments (like brakes and others) by an attacker. We propose a solution to this problem, designing an authentication and encryption system above CAN, called AuthentiCAN. Our proposal is tailored for the evolution of CAN called CAN-FD, and avoids the possibility for an attacker to inject malicious frames that are not discarded by the destination ECUs. Also, we avoid the possibility for an attacker to learn the interactions that occur across ECUs, with the objective of maliciously replaying messages-which would lead the actuator's logic to be no longer compliant with the actual data sources. We also present a simulation study of our solution, where we provide an assessment of its overhead, e.g. in terms of reduction of the throughput of data-unit transfer over CAN-FD, caused by the added security features.

Voice communication is an important need in daily activities whether delivered with or without technology. Telecommunication technology has accommodated this need by providing a wide range of infrastructure, including large varieties of devices used as intermediary and end devices. One of the cellular technologies that is very widely used by the public is GSM (Global System for Mobile), while in the military, trunked radio is still popular. However, the security systems of GSM and trunked radio have limitations. Therefore, this paper proposes a platform to secure voice data over wireless mobile communication by providing end-to-end encryption. This platform is robust to noise, real-time and remains secure. The proposed encryption utilizes multicircular permutations rotated by expanded keys as dynamic keys to scramble the data. We carry out simulations and testbed implementation to prove that application of the proposed method is feasible.

PRIME protocol is a narrowband power line communication protocol whose security is based on Advanced Encryption Standard. However, the key expansion process of AES algorithm is not unidirectional, and each round of keys are linearly related to each other, it is less difficult for eavesdroppers to crack AES encryption algorithm, leading to threats to the security of PRIME protocol. To solve this problem, this paper proposes an improvement of PRIME protocol based on chaotic cryptography. The core of this method is to use Chebyshev chaotic mapping and Logistic chaotic mapping to generate each round of key in the key expansion process of AES algorithm, In this way, the linear correlation between the key rounds can be reduced, making the key expansion process unidirectional, increasing the crack difficulty of AES encryption algorithm, and improving the security of PRIME protocol.

Cryptography algorithms play a critical role in information technology against various attacks witnessed in the digital era. Many studies and algorithms are done to achieve security issues for information systems. The high complexity of computational operations characterises the traditional cryptography algorithms. On the other hand, lightweight algorithms are the way to solve most of the security issues that encounter applying traditional cryptography in constrained devices. However, a symmetric cipher is widely applied for ensuring the security of data communication in constraint devices. In this study, we proposed a hybrid algorithm based on two cryptography algorithms PRESENT and Salsa20. Also, a 2D logistic map of a chaotic system is applied to generate pseudo-random keys that produce more complexity for the proposed cipher algorithm. The goal of the proposed algorithm is to present a hybrid algorithm by enhancing the complexity of the current PRESENT algorithm while keeping the performance of computational operations as minimal. The proposed algorithm proved working efficiently with fast executed time, and the analysed result of the generated sequence keys passed the randomness of the NIST suite.

The purpose of this paper is to improve the safety of chaotic image encryption algorithm. Firstly, to achieve this goal, it put forward two improved chaotic system logistic and henon, which covered an promoted henon chaotic system with better probability density, and an 2-dimension logistic chaotic system with high Lyapunov exponents. Secondly, the chaotic key stream was generated by the new 2D logistic chaotic system and optimized henon mapping, which mixed in dynamic proportions. The conducted sequence has better randomness and higher safety for image cryptosystem. Thirdly, we proposed algorithm takes advantage of the compounded chaotic system Simulation experiment results and security analysis showed that the proposed scheme was more effective and secure. It can resist various typical attacks, has high security, satisfies the requirements of image encryption theoretical.

The fuzzy query scheme based on vector index uses Bloom filter to construct vector index for key words. Then the statistical attack based on the deviation of frequency distribution of the vector index brings out the sensitive information disclosure. Using the noise vector, a fuzzy query scheme resistant to the statistical attack serving for encrypted database, i.e. S-BF, is introduced. With the noise vector to clear up the deviation of frequency distribution of vector index, the statistical attacks to the vector index are resolved. Demonstrated by lab experiment, S-BF scheme can achieve the secure fuzzy query with the powerful privation protection capability for encrypted cloud database without the loss of fuzzy query efficiency.

Research and Development, and information management professionals routinely employ simple keyword searches or more complex Boolean queries when using databases such as PubMed and Ovid and search engines like Google to find the information they need. While satisfying the basic needs of the researcher, basic search is limited which can adversely affect both precision and recall, decreasing productivity and damaging the researchers' ability to discover new insights. The cloud service providers who store user's data may access sensitive information without any proper authority. A basic approach to save the data confidentiality is to encrypt the data. Data encryption also demands the protection of keyword privacy since those usually contain very vital information related to the files. Encryption of keywords protects keyword safety. Fuzzy keyword search enhances system usability by matching the files perfectly or to the nearest possible files against the keywords entered by the user based on similar semantics. Encrypted keyword search in cloud using this logic provides the user, on entering keywords, to receive best possible files in a more secured manner, by protecting the user's documents.

We are answering the question whenever systems with convolutional neural network classifier trained over plain and encrypted data keep the ordering according to accuracy. Our motivation is need for designing convolutional neural network classifiers when data in their plain form are not accessible because of private company policy or sensitive data gathered by police. We propose to use a combination of fully connected autoencoder together with a convolutional neural network classifier. The autoencoder transforms the data info form that allows the convolutional classifier to be trained. We present three experiments that show the ordering of systems over plain and encrypted data. The results show that the systems indeed keep the ordering, and thus a NN designer can select appropriate architecture over encrypted data and later let data owner train or fine-tune the system/CNN classifier on the plain data.

Cipher Text Policy Attribute Based Encryption which is a form of Public Key Encryption has become a renowned approach as a Data access control scheme for data security and confidentiality. It not only provides the flexibility and scalability in the access control mechanisms but also enhances security by fuzzy fined-grained access control. However, schemes are there which for more security increases the key size which ultimately leads to high encryption and decryption time. Also, there is no provision for handling the middle man attacks during data transfer. In this paper, a light-weight and more scalable encryption mechanism is provided which not only uses fewer resources for encoding and decoding but also improves the security along with faster encryption and decryption time. Moreover, this scheme provides an efficient key sharing mechanism for providing secure transfer to avoid any man-in-the-middle attacks. Also, due to fuzzy policies inclusion, chances are there to get approximation of user attributes available which makes the process fast and reliable and improves the performance of legitimate users.

The problems of synthesis of a digital data encryption system based on dynamic chaos in a research project carried out at the Department of Marine Electronics (SMTU) are considered. A description is made of the problems of generating a chaotic (random) signal in computer systems with calculations with finite accuracy.

In this paper, a novel Dynamic Chaotic Biometric Identity Isomorphic Elliptic Curve (DCBI-IEC) has been introduced for Image Encryption. The biometric digital identity is extracted from the user fingerprint image as fingerprint minutia data incorporated with the chaotic logistic map and hence, a new DCBDI-IEC has been suggested. DCBI-IEC is used to control the key schedule for all encryption and decryption processing. Statistical analysis, differential analysis and key sensitivity test are performed to estimate the security strengths of the proposed DCBI-IEC system. The experimental results show that the proposed algorithm is robust against common signal processing attacks and provides a high security level for image encryption application.

Traditional encryption algorithms are not suitable for modern mass speech situations, while some low-dimensional chaotic encryption algorithms are simple and easy to implement, but their key space often small, leading to poor security, so there is still a lot of room for improvement. Aiming at these problems, this paper proposes a new type of four-dimensional chaotic system and applies it to speech encryption. Simulation results show that the encryption scheme in this paper has higher key space and security, which can achieve the speech encryption goal.

Chaos-based encryption is one of the promising cryptography techniques that can be used. Although chaos-based encryption provides excellent security, the finite precision of number representation in computers affects decryption accuracy negatively. In this paper, a way to mitigate some problems regarding finite precision is analyzed. We show that the use of maps with small Lyapunov exponents can improve the performance of chaotic encryption scheme, making it suitable for image encryption.